Displaying 2 results from an estimated 2 matches for "kanguru".

2019 Nov 14
0
how to know when a system is compromised
...which are undone go unnoticed. Also, somehow you need to protect the executable and configuration file so that an attacker can't replace the executable or read the configuration and find a way around it. The executable could be placed on mounted read-only media, last time I checked Netac and Kanguru still made USB sticks with write-protect switches. Our best effort for protecting configuration is to deliver the configuration file just-in-time and delete it after the scheduled run, not a great solution, anybody have a better idea? OSSEC is daemon-based and centrally-managed. It is a HIDS rat...
2019 Nov 14
4
how to know when a system is compromised
How do you know when a Linux system has been compromised? Every day I watch our systems with all the typical tools, ps, top, who, I watch firewall / IPS logs, I have logwatch set up and mailing daily summaries to me and I dive deeper into logs if something looks suspicious. What am I missing or not looking at that you security gurus are looking at? I subscribe to the CentOS and SANS